MD5 - set usedforsecurity-parameter for all uses (#5190)

2022-06-03 09:41:30 +00:00 · 2022-06-03 09:41:30 +00:00 · 0fe30b0440
commit 0fe30b0440
parent 8f8de3f342
9 changed files with 33 additions and 18 deletions
--- a/moto/cognitoidp/models.py
+++ b/moto/cognitoidp/models.py
@ -1,5 +1,4 @@
 import datetime
 import hashlib
 import json
 import os
 import time
@ -31,6 +30,7 @@ from .utils import (
    PAGINATION_MODEL,
 )
 from moto.utilities.paginator import paginate
 from moto.utilities.utils import md5_hash
 class UserStatus(str, enum.Enum):
@ -595,11 +595,11 @@ class CognitoIdpUserPoolDomain(BaseModel):
    def _distribution_name(self):
        if self.custom_domain_config and "CertificateArn" in self.custom_domain_config:
-            unique_hash = hashlib.md5(
+            unique_hash = md5_hash(
                self.custom_domain_config["CertificateArn"].encode("utf-8")
            ).hexdigest()
            return f"{unique_hash[:16]}.cloudfront.net"
-        unique_hash = hashlib.md5(self.user_pool_id.encode("utf-8")).hexdigest()
+        unique_hash = md5_hash(self.user_pool_id.encode("utf-8")).hexdigest()
        return f"{unique_hash[:16]}.amazoncognito.com"
    def to_json(self, extended=True):
--- a/moto/ec2/utils.py
+++ b/moto/ec2/utils.py
@ -1,5 +1,4 @@
 import base64
 import hashlib
 import fnmatch
 import random
 import re
@ -12,6 +11,7 @@ from cryptography.hazmat.primitives.asymmetric import rsa
 from moto.core import get_account_id
 from moto.iam import iam_backends
 from moto.utilities.utils import md5_hash
 EC2_RESOURCE_TO_PREFIX = {
    "customer-gateway": "cgw",
@ -651,7 +651,7 @@ def rsa_public_key_fingerprint(rsa_public_key):
        encoding=serialization.Encoding.DER,
        format=serialization.PublicFormat.SubjectPublicKeyInfo,
    )
-    fingerprint_hex = hashlib.md5(key_data).hexdigest()
+    fingerprint_hex = md5_hash(key_data).hexdigest()
    fingerprint = re.sub(r"([a-f0-9]{2})(?!$)", r"\1:", fingerprint_hex)
    return fingerprint
--- a/moto/efs/models.py
+++ b/moto/efs/models.py
@ -7,7 +7,6 @@ https://docs.aws.amazon.com/efs/latest/ug/whatisefs.html
 import json
 import time
 from copy import deepcopy
 from hashlib import md5
 from moto.core import get_account_id, BaseBackend, BaseModel, CloudFormationModel
 from moto.core.utils import (
@ -32,6 +31,7 @@ from moto.efs.exceptions import (
    SecurityGroupLimitExceeded,
 )
 from moto.utilities.tagging_service import TaggingService
 from moto.utilities.utils import md5_hash
 def _lookup_az_id(az_name):
@ -382,7 +382,7 @@ class EFSBackend(BaseBackend):
        if max_items < len(corpus):
            new_corpus = corpus[max_items:]
            new_corpus_dict = [c.info_json() for c in new_corpus]
-            new_hash = md5(json.dumps(new_corpus_dict).encode("utf-8"))
+            new_hash = md5_hash(json.dumps(new_corpus_dict).encode("utf-8"))
            next_marker = new_hash.hexdigest()
            self.next_markers[next_marker] = new_corpus
        else:
--- a/moto/glacier/models.py
+++ b/moto/glacier/models.py
@ -4,6 +4,7 @@ import datetime
 from moto.core import get_account_id, BaseBackend, BaseModel
 from moto.core.utils import BackendDict
 from moto.utilities.utils import md5_hash
 from .utils import get_job_id
@ -117,7 +118,7 @@ class Vault(BaseModel):
        return d
    def create_archive(self, body, description):
-        archive_id = hashlib.md5(body).hexdigest()
+        archive_id = md5_hash(body).hexdigest()
        self.archives[archive_id] = {}
        self.archives[archive_id]["archive_id"] = archive_id
        self.archives[archive_id]["body"] = body
--- a/moto/iam/models.py
+++ b/moto/iam/models.py
@ -1,5 +1,4 @@
 import base64
 import hashlib
 import os
 import random
 import string
@ -22,6 +21,7 @@ from moto.core.utils import (
    iso_8601_datetime_with_milliseconds,
 )
 from moto.iam.policy_validation import IAMPolicyDocumentValidator
 from moto.utilities.utils import md5_hash
 from .aws_managed_policies import aws_managed_policies_data
 from .exceptions import (
@ -1014,7 +1014,7 @@ class SshPublicKey(BaseModel):
        self.user_name = user_name
        self.ssh_public_key_body = ssh_public_key_body
        self.ssh_public_key_id = "APKA" + random_access_key()
-        self.fingerprint = hashlib.md5(ssh_public_key_body.encode()).hexdigest()
+        self.fingerprint = md5_hash(ssh_public_key_body.encode()).hexdigest()
        self.status = "Active"
        self.upload_date = datetime.utcnow()
--- a/moto/kinesis/models.py
+++ b/moto/kinesis/models.py
@ -4,12 +4,12 @@ import re
 import itertools
 from operator import attrgetter
 from hashlib import md5
 from moto.core import BaseBackend, BaseModel, CloudFormationModel
 from moto.core.utils import unix_time, BackendDict
 from moto.core import get_account_id
 from moto.utilities.paginator import paginate
 from moto.utilities.utils import md5_hash
 from .exceptions import (
    ConsumerNotFound,
    StreamNotFoundError,
@ -363,7 +363,7 @@ class Stream(CloudFormationModel):
                raise InvalidArgumentError("explicit_hash_key")
        else:
-            key = int(md5(partition_key.encode("utf-8")).hexdigest(), 16)
+            key = int(md5_hash(partition_key.encode("utf-8")).hexdigest(), 16)
        for shard in self.shards.values():
            if shard.starting_hash <= key < shard.ending_hash:
--- a/moto/s3/models.py
+++ b/moto/s3/models.py
@ -2,7 +2,6 @@ import json
 import os
 import base64
 import datetime
 import hashlib
 import copy
 import itertools
 import codecs
@ -33,7 +32,7 @@ from moto.core.utils import (
 )
 from moto.cloudwatch.models import MetricDatum
 from moto.utilities.tagging_service import TaggingService
-from moto.utilities.utils import LowercaseDict
+from moto.utilities.utils import LowercaseDict, md5_hash
 from moto.s3.exceptions import (
    AccessDeniedByLock,
    BucketAlreadyExists,
@ -213,7 +212,7 @@ class FakeKey(BaseModel):
    @property
    def etag(self):
        if self._etag is None:
-            value_md5 = hashlib.md5()
+            value_md5 = md5_hash()
            self._value_buffer.seek(0)
            while True:
                block = self._value_buffer.read(16 * 1024 * 1024)  # read in 16MB chunks
@ -376,7 +375,7 @@ class FakeMultipart(BaseModel):
        if count == 0:
            raise MalformedXML
-        etag = hashlib.md5()
+        etag = md5_hash()
        etag.update(bytes(md5s))
        return total, "{0}-{1}".format(etag.hexdigest(), count)
--- a/moto/sqs/models.py
+++ b/moto/sqs/models.py
@ -20,6 +20,7 @@ from moto.core.utils import (
    tags_from_cloudformation_tags_list,
    BackendDict,
 )
 from moto.utilities.utils import md5_hash
 from .utils import generate_receipt_handle
 from .exceptions import (
    MessageAttributesInvalid,
@ -85,14 +86,14 @@ class Message(BaseModel):
    @property
    def body_md5(self):
-        md5 = hashlib.md5()
+        md5 = md5_hash()
        md5.update(self._body.encode("utf-8"))
        return md5.hexdigest()
    @property
    def attribute_md5(self):
-        md5 = hashlib.md5()
+        md5 = md5_hash()
        for attrName in sorted(self.message_attributes.keys()):
            self.validate_attribute_name(attrName)
--- a/moto/utilities/utils.py
+++ b/moto/utilities/utils.py
@ -1,4 +1,5 @@
 import json
 import hashlib
 import random
 import string
 import pkgutil
@ -57,6 +58,19 @@ def filter_resources(resources, filters, attr_pairs):
    return result
 def md5_hash(data=None):
    """
    MD5-hashing for non-security usecases.
    Required for Moto to work in FIPS-enabled systems
    """
    args = (data,) if data else ()
    try:
        return hashlib.md5(*args, usedforsecurity=False)
    except TypeError:
        # The usedforsecurity-parameter is only available as of Python 3.9
        return hashlib.md5(*args)
 class LowercaseDict(MutableMapping):
    """A dictionary that lowercases all keys"""